
North Korean Threat Actors Exploit ConnectWise Flaws with TODDLERSHARK Malware

Security researchers have discovered that the North Korean cyber-espionage group Kimsuky, also known as APT43, has been exploiting the recently disclosed flaws in ConnectWise ScreenConnect to deliver a new malware called TODDLERSHARK. The malware overlaps with previously known malware such as BabyShark and ReconShark. It is designed to capture and exfiltrate sensitive information about the compromised hosts, making it a valuable reconnaissance tool.

The threat actors gained access to the victim workstation by exploiting the exposed setup wizard of the ScreenConnect application. They then leveraged that access to execute the VB-based malware through cmd.exe.

The recent ConnectWise flaws CVE-2024-1708 and CVE-2024-1709 have been heavily exploited by multiple threat actors to deliver various types of malware, including cryptocurrency miners, …, and remote access trojans. Kimsuky has been steadily expanding its arsenal with new tools, the most recent being GoBear and Troll Stealer.

The development comes as South Korea's National Intelligence Service (NIS) accuses North Korea of compromising the servers of two domestic semiconductor manufacturers and stealing valuable data. The attackers targeted internet-exposed, vulnerable servers to gain initial access, then relied on living-off-the-land (LotL) techniques rather than dropping malware in order to evade detection.
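The post describes a concrete chain worth hunting for: the ScreenConnect process on a workstation launching cmd.exe, which in turn runs VB-based code. The following is an added defensive example, not code from the original post or from the researchers it cites. It walks constructed process-creation events (the key=value line format, the hostnames and the timestamps are all made up here), flags cmd.exe whose parent is a ScreenConnect process, and raises the severity when the command line references a VBScript host. The ScreenConnect process names are assumptions for the purpose of the example, so check them against the binaries actually deployed in your environment before turning this into a production rule.

```python
"""Flag cmd.exe launched under a ScreenConnect process, the chain described above.

Added example, not code from the original post. The log format, host names and
ScreenConnect process names are assumptions; the events below are constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample events in a simple key=value line format (assumption).
SAMPLE_EVENTS = """\
ts=2024-03-01T10:00:01Z host=ws01 parent=ScreenConnect.ClientService.exe image=cmd.exe cmdline="cmd.exe /c wscript.exe C:\\Users\\Public\\update.vbs"
ts=2024-03-01T10:00:05Z host=ws01 parent=explorer.exe image=cmd.exe cmdline="cmd.exe /c dir"
ts=2024-03-01T10:01:00Z host=ws02 parent=ScreenConnect.ClientService.exe image=cmd.exe cmdline="cmd.exe /c whoami"
ts=2024-03-01T10:02:00Z host=ws03 parent=services.exe image=svchost.exe cmdline="svchost.exe -k netsvcs"
"""

# Parent process names assumed for the ScreenConnect agent (assumption, not from the post).
SCREENCONNECT_PARENTS = {"screenconnect.clientservice.exe", "screenconnect.windowsclient.exe"}
# The shell the post names, plus VB script hosts that would run VB-based code through it.
SHELLS = {"cmd.exe"}
VB_INDICATORS = ("wscript.exe", "cscript.exe", ".vbs")

# key=value pairs; values may be double-quoted when they contain spaces.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


@dataclass
class Finding:
    host: str
    ts: str
    parent: str
    cmdline: str
    severity: str


def parse_event(line):
    """Turn one key=value line into a dict, unquoting quoted values."""
    fields = {}
    for key, raw, quoted in KV_RE.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def detect(text):
    """Return a Finding for every shell spawned directly by a ScreenConnect parent."""
    findings = []
    for line in text.splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        parent = ev.get("parent", "").lower()
        image = ev.get("image", "").lower()
        if parent in SCREENCONNECT_PARENTS and image in SHELLS:
            cmdline = ev.get("cmdline", "")
            # A VB script host in the command line matches the post's description
            # of the VB-based payload being executed through cmd.exe.
            vb = any(tok in cmdline.lower() for tok in VB_INDICATORS)
            findings.append(
                Finding(ev.get("host", "?"), ev.get("ts", "?"), ev["parent"], cmdline,
                        "high" if vb else "medium")
            )
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.ts} {f.host}: {f.parent} -> {f.cmdline}")
```

A legitimate remote-support session can also spawn cmd.exe under the ScreenConnect agent, so the medium-severity hits are a triage queue rather than an alert on their own; the high-severity hits, where a script host is invoked from that shell, are the ones to look at first, together with the network and account context for the session.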




Deitasoft © 2024. All Rights Reserved.